ZoneAlarm Question

Ok, I hope that this doesn't turn into a "this product sucks, use this one" or a "you shouldn't use Outlook" debate... This is just a question that I was wondering if anyone had thought about or run into.

Here is the scenario:

I have ZoneAlarm Pro Loaded

I am using Outlook 2000 as my mail client

I have MS Word 2000 set as my default email editor

I receive an email with a hyperlink

I click on the hyperlink, ZoneAlarm Pro prompts me to let MS Word access the Internet

I click yes and remember this answer

Later I receive a document as an attachment that is infected with a macro virus mass-mailer (for the sake of this question, let's assume that the virus is new and my anti-virus definitions will not catch it)

Since I have already told ZoneAlarm to always allow MS Word to access the Internet, will it allow the virus/trojan/whatever to access the Internet and send out multiple copies of itself?

It shouldn't because that trojan should be leaving as a different program. Unless it uses your Word 2000 to leave. Or if it uses your Outlook program to send the mail then it might get past.
Hope this helps

"A hacker is someone who has a passion for technology, someone who is possessed by a desire to figure out how things work."

if ZoneAlarm is set to always allow MS Word to access the Internet will it allow a macro virus/trojan/whatever in MS Word to access the Internet thus defeating the blocking of un-solicited outbound traffic?

If the macro virus was entirely Word-based, yes. The thing is, though, (as far as I know) you really can't do much on the internet with Word Macros. If somebody really wanted to do something malicious, they would have to have an external program (ex visual basic script) do it which ZoneAlarm would then prompt for.

As far as emails, though, yes - a Word macro could start shooting off emails and if they sent them through Outlook, then you wouldn't be alerted.

Macro Virii

BOFH

The answer to your question is: yes, it will be able to access the internet and mail copies of itself (assuming you have Outlook as always being able to connect). Remember that Office products (Excel, Word, Outlook, etc.) are all interconnected and integrate Visual Basic for Applications (VBA), therefore a macro virus could have ALMOST the same capabilities as a Visual Basic program.

Now in regards to Zone Alarm Firewall:
Let's say you have Word, Outlook and Internet Explorer as always being connected...

Then the virus could not only propagate itself through email (courtesy of Outlook), but it could also have the capabilities of downloading and executing a file from the internet (courtesy of IE), as well as several other things such as editing the registry, etc. The possibilities are endless with VBA.

To top this off... if the virus creator anticipated a user having Zone Alarm... they could check to see if it was installed, and then delete or corrupt it...

At that point it could use FTP (Courtesy of DOS) and download and upload files...

All with a macro....

I hope this has helped to answer your question!

Personal Note: Honestly, I would not use Outlook or Outlook Express for an email client, for the simple fact that almost 95% of the email-propagating virii/worms target Outlook users.

Simon Templer

"Your work is to discover your world and then with all your heart give yourself to it."
-The Buddha

Then the virus could not only propagate itself through email (courtesy of Outlook), but it could also have the capabilities of downloading and executing a file from the internet (courtesy of IE), as well as several other things such as editing the registry, etc. The possibilities are endless with VBA

If I were to create a VB script to use IE to download a file from the internet, would not an IE window pop up? That is, from my experience with VBA (which is not all that much), you cannot easily hide an external program you are executing (IE). Granted, you could minimize it, but most people would probably catch that.

Brief Explanation

Ok.. First

If I were to create a VB script to use IE to download a file from the internet...

VB Script and VB programming are not the same... VB Script is exactly as its name implies... a "scripting language", although yes, VB Script is based on Visual Basic. VB Script uses the Windows Scripting Host to execute VBS files. Visual Basic source is actually compiled to create applications.

Office uses VBA which uses the syntax of the Visual Basic Programming language.

Second... The Ability to Hide Shelled Programs.

If you wanted to run an application "hidden", then this can be achieved by taking advantage of the "vbHide" keyword.

Example:
Shell "[whatever]", vbHide

This would "shell" "whatever" and it would be hidden from the user's view...

Unfortunately... if you try to download a file using vbHide... you will receive a File Download dialog box... but you will not see IE

There is a way to download a file from the internet... without prompting or receiving a File Download dialog box... However I am afraid to post the source... for fear that someone will be tempted to misuse it.

Oddly enough when I was testing the code...I found that Zone Alarm gave me no warning... It did NOT give any alerts (even for Word) I even disallowed internet to M$ Word, and the file was still downloaded to my hard drive without warning...

Interesting isn't it... All from a Word Macro

Simon Templer

"Your work is to discover your world and then with all your heart give yourself to it."
-The Buddha
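
A defender's view of the behavior discussed in this thread, as an added example that is not part of any poster's message: a per-application allow rule trusts the program, not the code running inside it, so one useful check is to flag shells, script hosts, IE or FTP clients that descend from an Office application. The event schema (`pid`, `ppid`, `image`) and the sample events are constructed assumptions, not output from a real logging tool.

```python
# Added example: flag suspect programs whose parent chain contains an Office app.
# The event schema and all sample events below are constructed for illustration.
from ntpath import basename  # parses Windows paths on any platform

OFFICE = {"winword.exe", "excel.exe", "outlook.exe", "powerpnt.exe"}
# Programs named in the thread (IE, FTP) plus shells and script hosts.
SUSPECT = {"iexplore.exe", "ftp.exe", "cmd.exe", "wscript.exe", "cscript.exe"}

EVENTS = [  # constructed process-creation events
    {"pid": 100, "ppid": 1,   "image": r"C:\Windows\explorer.exe"},
    {"pid": 200, "ppid": 100, "image": r"C:\Program Files\Microsoft Office\Office\WINWORD.EXE"},
    {"pid": 300, "ppid": 200, "image": r"C:\Windows\System32\cmd.exe"},
    {"pid": 400, "ppid": 300, "image": r"C:\Windows\System32\ftp.exe"},
    {"pid": 500, "ppid": 100, "image": r"C:\Program Files\Internet Explorer\iexplore.exe"},
    {"pid": 600, "ppid": 200, "image": r"C:\Program Files\Internet Explorer\iexplore.exe"},
]


def proc_name(event):
    """Lower-cased executable name of a process-creation event."""
    return basename(event["image"]).lower()


def office_ancestor(event, by_pid):
    """Walk the parent chain and return the first Office ancestor, or None."""
    seen = set()  # guards against loops in malformed data
    parent = by_pid.get(event["ppid"])
    while parent is not None and parent["pid"] not in seen:
        seen.add(parent["pid"])
        if proc_name(parent) in OFFICE:
            return proc_name(parent)
        parent = by_pid.get(parent["ppid"])
    return None


def detect(events):
    """Return (pid, program, office_ancestor) for each suspect descendant."""
    by_pid = {e["pid"]: e for e in events}
    alerts = []
    for e in events:
        if proc_name(e) in SUSPECT:
            ancestor = office_ancestor(e, by_pid)
            if ancestor:
                alerts.append((e["pid"], proc_name(e), ancestor))
    return alerts


if __name__ == "__main__":
    for alert in detect(EVENTS):
        print("ALERT pid=%d %s started under %s" % alert)
```

The IE instance started from the desktop shell (pid 500) is not flagged, while the one started under Word (pid 600) is. Mail sent by automating an already running Outlook creates no child process of Word, so that path needs a separate control.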

Sorry about that - I have to get out of the habit of classifying VB and VBA under just "VB". Thanks for pointing that out.

Definitely interesting how everything could be piped through IE without ZoneAlarm knowing. Goes to show you still absolutely need antivirus, firewall, and always keep the antivirus up to date. Even then you have to make sure you are careful what you run.